Thanks for your help so far,below are the files that you would like to see.Had probs.trying to save log on the Trendmicro Housecall, so I run Kaspersky.The good news my desktop looks like it back to norm....
Logfile of HijackThis v1.99.1
Scan saved at 17:57:20, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v ... 0980174234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://us-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\sdfolder.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
KASPERSKY ON-LINE SCANNER REPORT
Thursday, February 09, 2006 5:44:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/02/2006
Kaspersky Anti-Virus database records: 175837
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 44534
Number of viruses found 23
Number of infected objects 63
Number of suspicious objects 0
Duration of the scan process 00:44:24
Infected Object Name Virus Name Last Action
C:\Program Files\Microsoft AntiSpyware\Quarantine\85C768BA-D8CA-4D4E-9D68-5BD541\01EDEAD7-F6D3-4B45-A5E2-B1DE79/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\85C768BA-D8CA-4D4E-9D68-5BD541\01EDEAD7-F6D3-4B45-A5E2-B1DE79/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\85C768BA-D8CA-4D4E-9D68-5BD541\01EDEAD7-F6D3-4B45-A5E2-B1DE79/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\85C768BA-D8CA-4D4E-9D68-5BD541\01EDEAD7-F6D3-4B45-A5E2-B1DE79/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\85C768BA-D8CA-4D4E-9D68-5BD541\01EDEAD7-F6D3-4B45-A5E2-B1DE79 CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\089376C7.exe Infected: Trojan-Downloader.Win32.Adload.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B861B72.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B861B72.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E4342B9.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\12A707B0.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\12A707B0.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\12AA31AD.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\12AA31AD.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\12AE5BA9.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\12AE5BA9.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\42DE0450.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Norton AntiVirus\Quarantine\45BE3D73.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D436115.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E6E404F.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB8617A Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB8617A.exe/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB8617A.exe Inno: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB8617A.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB8617A.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBB0B76.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBF3572.txt Infected: Trojan.Win32.StartPage.adi skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DC25F6F.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D152651 Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FF55F74.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021034.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021035.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021044.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021045.exe Infected: Trojan-Downloader.Win32.VB.ri skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021046.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021046.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021046.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021046.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP138\A0021046.exe CAB: infected - 4 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021053.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021057.exe Infected: Trojan-Clicker.Win32.VB.kc skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021058.exe Infected: Trojan.Win32.StartPage.ahg skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021063.exe Infected: not-virus:Hoax.Win32.Renos.az skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021066.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021069.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\A0021070.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\snapshot\MFEX-54.DAT Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP139\snapshot\MFEX-55.DAT Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP140\A0022135.exe Infected: Trojan.Win32.Small.hf skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP140\A0022136.exe Infected: Trojan-Downloader.Win32.VB.ri skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP140\A0022137.exe Infected: Trojan-Downloader.Win32.VB.vr skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0023195.exe Infected: Trojan-Spy.Win32.Small.dp skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0023196.exe Infected: not-virus:Hoax.Win32.Renos.az skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0023198.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0023199.exe Infected: Trojan-Spy.Win32.Agent.fr skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0023200.exe Infected: Trojan-Downloader.Win32.Adload.o skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024190.dll Infected: Trojan-Spy.Win32.Small.eu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024191.dll Infected: Trojan-Spy.Win32.Small.eu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024192.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024193.exe Infected: Trojan-Downloader.Win32.VB.vr skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024194.exe Infected: Trojan-Spy.Win32.Small.eu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024195.exe Infected: Trojan-Downloader.Win32.Harnig.bb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024196.exe Infected: Trojan-Spy.Win32.Small.dp skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP141\A0024197.exe Infected: Trojan-Clicker.Win32.VB.kc skipped
Scan process completed.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 13:17:07, 09/02/2006
+ Report-Checksum: E2814E3E
+ Scan result:
C:\Documents and Settings\Lewis\Cookies\lewis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Small.eu : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.eu : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-2344818603-1096814532-1201881274-1007\Dc2.exe -> Downloader.VB.vr : Cleaned with backup
C:\WINDOWS\kl1.exe -> Logger.Small.eu : Cleaned with backup
C:\WINDOWS\loadadv728.exe -> Downloader.Harnig.bb : Cleaned with backup
C:\WINDOWS\system32\mpcsvc.exe -> Logger.Small.dp : Cleaned with backup
C:\WINDOWS\winsysban5.exe -> Hijacker.VB.kc : Cleaned with backup
::Report End
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: 09/02/2006
The current time is: 10:42:19.79
Running from
C:\Documents and Settings\Administrator\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
secure32.html
~~~ Drive root ~~~
secure32.html
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 848 'explorer.exe'
Killing PID 848 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!